[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 29 21:25:23 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5723b22e by Salvatore Bonaccorso at 2026-04-29T22:25:06+02:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,17 +37,17 @@ CVE-2026-6915 (An authorization flaw in the user management command could allow
 CVE-2026-6914 (Computing the MD5 checksum of a malformed BSON object under specific c ...)
 	- mongodb <removed>
 CVE-2026-6849 (Improper neutralization of special elements used in an OS command ('OS ...)
-	TODO: check
+	NOT-FOR-US: TUBITAK BILGEM Software Technologies Research Institute
 CVE-2026-5712 (This vulnerability impacts all versions of IdentityIQ and allows an au ...)
-	TODO: check
+	NOT-FOR-US: Sailpoint
 CVE-2026-5166 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: TUBITAK BILGEM Software Technologies Research Institute
 CVE-2026-5161 (Improper link resolution before file access ('link following') vulnera ...)
-	TODO: check
+	NOT-FOR-US: TUBITAK BILGEM Software Technologies Research Institute
 CVE-2026-5141 (Improper Privilege Management, Improper Access Control, Incorrect priv ...)
-	TODO: check
+	NOT-FOR-US: TUBITAK BILGEM Software Technologies Research Institute
 CVE-2026-5140 (Improper neutralization of CRLF sequences ('CRLF injection') vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: TUBITAK BILGEM Software Technologies Research Institute
 CVE-2026-4019 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-42652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
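Review bot: The five new lines for CVE-2026-6849, CVE-2026-5166, CVE-2026-5161, CVE-2026-5141 and CVE-2026-5140 carry an organisation name ("TUBITAK BILGEM Software Technologies Research Institute") where a product name would be more useful, and the truncated descriptions shown here do not name a product either. If the CVE records identify the affected software, putting that name in the NOT-FOR-US line would let a later search by product find these entries. The same applies to CVE-2026-5712, whose description names IdentityIQ while the label says only "Sailpoint"; "NOT-FOR-US: SailPoint IdentityIQ" would match the description.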
@@ -81,17 +81,17 @@ CVE-2026-42520 (Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlie
 CVE-2026-42519 (A missing permission check in Jenkins Script Security Plugin 1399.ve6a ...)
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-42518 (This vulnerability exists in e-Sushrut due to disclosure of sensitive  ...)
-	TODO: check
+	NOT-FOR-US: e-Sushrut
 CVE-2026-42517 (This vulnerability exists in e-Sushrut due to the use of reversible Ba ...)
-	TODO: check
+	NOT-FOR-US: e-Sushrut
 CVE-2026-42516 (This vulnerability exists in e-Sushrut due to improper authorization c ...)
-	TODO: check
+	NOT-FOR-US: e-Sushrut
 CVE-2026-42515 (This vulnerability exists in e-Sushrut due to improper access control  ...)
-	TODO: check
+	NOT-FOR-US: e-Sushrut
 CVE-2026-42514 (This vulnerability exists in e-Sushrut due to exposure of OTPs in plai ...)
-	TODO: check
+	NOT-FOR-US: e-Sushrut
 CVE-2026-42513 (This vulnerability exists in e-Sushrut due to improper authentication  ...)
-	TODO: check
+	NOT-FOR-US: e-Sushrut
 CVE-2026-42412 (Missing Authorization vulnerability in weDevs WP User Frontend allows  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42377 (Missing Authorization vulnerability in Brainstorm Force SureForms Pro  ...)
@@ -103,23 +103,23 @@ CVE-2026-42248 (Ollama for Windows does not perform integrity or authenticity ve
 CVE-2026-41952 (Local privilege escalation due to improper input validation. The follo ...)
 	NOT-FOR-US: Acronis
 CVE-2026-41940 (cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54 ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2026-41499 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2026-41220 (Local privilege escalation due to improper input validation. The follo ...)
 	NOT-FOR-US: Acronis
 CVE-2026-40230 (Helpy contains a stored cross-site scripting vulnerability in the know ...)
-	TODO: check
+	NOT-FOR-US: Helpy
 CVE-2026-40229 (Helpy contains a stored cross-site scripting vulnerability in the post ...)
-	TODO: check
+	NOT-FOR-US: Helpy
 CVE-2026-3325 (SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the \u201cid_ ...)
 	TODO: check
 CVE-2026-38993 (Cockpit 2.13.5 and earlier is vulnerable to directory traversal via th ...)
-	TODO: check
+	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2026-38992 (Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution  ...)
-	TODO: check
+	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2026-38991 (Cockpit 2.13.5 and earlier is affected by a misconfiguration within th ...)
-	TODO: check
+	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2026-37555 (An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF  ...)
 	TODO: check
 CVE-2026-36841 (TOTOLINK N200RE V5 was discovered to contain a command injection vulne ...)
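Review bot: The three "NOT-FOR-US: Cockpit-HQ/Cockpit" lines (CVE-2026-38993, CVE-2026-38992, CVE-2026-38991) depend on the upstream organisation prefix alone to separate this software from the unrelated cockpit package that Debian does ship. A short explicit remark in the label that it is a different project from src:cockpit would make a later misread less likely. Separately, CVE-2026-3325 (MegaCMS) stays at "TODO: check" in the middle of this batch while its neighbours are resolved; worth confirming that was deliberate. Leaving CVE-2026-37555 (libsndfile) as TODO is right, since it needs a real package entry, not an NFU.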



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5723b22efdfa8c6e7cbfc65f79333146ece687e6
